Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-2814

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /mkshope/login.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206401 was assigned to this vulnerability.

CVE
Open in Source
#xss#vulnerability#php
CVE-2022-2152

The Duplicate Page and Post Plugin WordPress plugin through 2.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

CVE-2022-2384

The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2022-2116

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Vulnerability Management news and publications #2

Hello everyone! This is the second episode of Vulnerability Management news and publications. In fact, this is a collection of my posts from the avleonovcom and avleonovrus telegram channels. Therefore, if you want to read them earlier, subscribe to these channels. Alternative video link (for Russia): https://vk.com/video-149273431_456239097 What’s in this episode: Microsoft released a propaganda […]

GHSA-9hmc-87h4-w869: ForkCMS stored XSS via `start_date` parameter

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `start_date` Parameter. This issue was patched in version 5.11.0.

GHSA-pw4j-r69m-rrr5: ForkCMS XSS via `end_date` parameter

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `end_date` Parameter. This issue was patched in version 5.11.0.

GHSA-65wf-qm95-6mhm: ForkCMS XSS via `publish_on_date` parameter

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_date` Parameter. This issue was patched in version 5.11.0.

GHSA-q4qv-3x58-rxmh: ForkCMS XSS via `publish_on_time` parameter

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_time` Parameter. This issue was patched in version 5.11.0.